Protecting Your Protected Health Information (PHI)

Have you ever felt nervous making a withdrawal from an ATM? Maybe someone was hovering a little too close for comfort. You may have wondered, “Did that person just see me enter my PIN?” 

Many of us have had our purse nabbed or wallet stolen. In the wrong hands, we worry our driver’s license, medical ID card and credit cards will be used to create havoc in our lives. With personal information in the hands of the wrong person, our identities can be stolen online, too.

Every day, stolen identities are used in health insurance scams. Luckily, you can take steps to keep your protected health information (PHI) in the right hands.

Keep Your Information Secure
Your PHI is safe when it’s only shared with people you trust. PHI includes medical records and other health-related documents that list personal data. This personal data is usually your:

  • Address
  • Birthdate
  • Social Security Number

If you’re not sure what is and isn’t PHI, ask yourself these questions:

  • Does the document show anything linked to my health condition?
  • Is my name on the document?
  • Can I be identified by anything shown on the document? 
  • Is the account I use to pay for care listed?

Keep in mind, if the document isn’t related to your health, it may not be PHI.

Standard Authorization Form
A standard authorization form lets you choose who has access to information about your health conditions and claims. For example, you might allow Blue Cross and Blue Shield to talk with your daughter if she’s helping manage your care. You can easily access and download the form anytime you need it using our Form Finder tool. (Search for “Privacy Standard Authorization Form” in the Search bar.)

Keep in mind, using the form is your choice. You don’t have to use it if you don’t want anyone to have access to your information. We won’t release your PHI to anyone unless you give us permission to do so.

PHI and Covered Dependents
After every health claim is finalized, an Explanation of Benefits is provided. An EOB shows a breakdown of services received, along with their costs and what you might have to pay.  Available on Blue Access for MembersSM, an EOB also displays PHI. What does this mean if there is more than one family member on a health plan?

If you cover dependents on your health plan, you don’t need a standard authorization form to receive or view their EOB information in BAM. However, only the policyholder can view an EOB.

Dependents can’t see their EOB or an EOB for anyone else on the plan. Only the policyholder can share an EOB with their dependents. It can be shared by printing a copy from BAM or emailing it.

If you’d like your dependent to be able to request a paper copy of an EOB for someone else on the plan, you’ll need to submit a standard authorization form.

Always be aware of your PHI. Protect it so it’s only shared with people you choose.

Sources: Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, leaving site icon U.S Department of Health & Human Services, 2024

Originally published 2/18/2015; Revised 2016, 2018, 2020, 2023, 2024

Ask a Question

Could not find an answer to your question. Ask us your question here.